Information obligations as per Art. 13 of the GDPR
The protection of your personal data is very important to us. We therefore process your personal data (abbreviated as "data") solely on the basis of legal provisions. With this data privacy statement, we want to comprehensively inform you about the processing of your data in our company and the rights and entitlements available to you under data protection law according to Art. 13 of the EU's General Data Protection Regulation (GDPR).
1. Who is responsible for data processing and to whom can you refer?
Responsibility rests with
Email: [email protected]
Telephone: 09181 906-0
The company's data protection officer is
Projekt 29 GmbH & Co. KG
Email: [email protected]
2. Which data is processed and from which sources does this data originate?
We process the data that we receive from you as part of contract initiation/implementation using consent, as part of your application to us or as part of your employment with us.
Personal data includes:
Your master/contact data; for customers, this includes for example the first name, surname, address, contact data (email address, telephone number, fax) and bank details.
For applicants and employees, this includes for example the first name, surname, address, contact data (email address, telephone number, fax), date of birth, data from CVs and job references, bank data, religious beliefs and photographic images.
For commercial partners, this includes for example the name of your legal representatives, company, commercial register number, VAT ID no., company number, address, contact person contact data (email address, telephone number, fax) and bank details.
For visitors to our company, this includes name and signature.
For journalists, this includes first name, surname, email address and fax number.
For competition participants, this includes first name, surname and email address.
In User Experience Research, interviews, user tests and field observations are regularly carried out to find out user needs and problems.
The findings obtained are used in product development (digital services) to develop appropriate solutions for user problems. The participants involved in these tests may be customers or non-customers of DEHN. For this purpose, we have stored the name and contact details (address, telephone number, email address) of test participants in order to contact them. No personal data is used in the evaluations themselves. Interviews, user tests or field observations are recorded so they can be subsequently transcribed. No personal data is evaluated.
In the case of remote maintenance work on the IT system by service providers who have been granted access via BeyondTrust (here: tunnel jump access via unmanaged devices with session recording), this includes file with the screen recording, start time of the session, duration of the session, system to which the connection is recorded, user (recognition by ActiveDirectory login name), chat messages in the BeyondTrust console, IP address (private and public), computer name, operating system of the computer.
In the case of remote maintenance work on the IT system by service providers who require access via BeyondTrust (here: RDP jump method access via managed devices without session recording ),this includes start time of the session, duration of the session, system to which the connection is recorded, user (recognition by ActiveDirectory login name), chat messages in theBeyondTrust console, IP address (private and public), computer name, operating system of the computer.
Furthermore, we also process the following other personal data:
- Information about the type and content of contractual data, sales and document data, customer and supplier history, as well as consulting documentation
- Advertising and sales data
- Information from your electronic communication with us (e.g. IP address, login data)
- Other data that we have received from you as part of our commercial relationship (e.g. in customer talks)
- Data that we generate ourselves from master/contact data, as well as other data, such as using customer requirement and customer potential analyses
- The documentation of your declaration of consent, for example for receiving newsletters.
- Photographic images as part of events
3. For what purposes and on what legal basis is data processed?
We process your data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act 2018, as amended:
- To meet (pre-)contractual obligations (Art. 6, Para. 1, lit. b of the GDPR):
Your data for contract implementation or your employment in our company is processed online or in our branches. Data is processed in particular for the initiation of business and the implementation of contracts with you.
- For the meeting of legal obligations (Art. 6, Para. 1, lit. c of the GDPR):
The processing of your data is required for the purpose of meeting various legal obligations, e.g. under the German Commercial Code or the German Fiscal Code.
- For the safeguarding of legitimate interests (Art. 6, Para. 1, lit. f of the GDPR):
Based on a balancing of interests, data may be processed beyond the actual fulfilment of the contract for the safeguarding of the legitimate interests of ourselves or third parties. Data processing for the safeguarding of legitimate interests occurs, for example, in the following cases:
- Advertising or marketing (see no. 4)
- Measures for business management and the further development of services and products
- Managing a group-wide customer database for improving customer service
- As part of litigation
- The sending of non-sales-promoting notifications and press releases
- As part of your consent (Art. 6, Para. 1, lit. a of the GDPR):
If you have granted us permission to process your data; e.g. for the sending of our newsletter, publishing of photos, participating in tests, competitions, etc.
4. Processing personal data for promotional purposes
You can object to the use of your personal data for promotional purposes at any time, generally or just for individual measures, without any costs being incurred other than the transmission costs at the basic tariffs.
We authorised under the statutory regulations of §7, Para. 3 of the German Unfair Competition Act to use the email address that you specified upon contract conclusion for the direct marketing of similar goods or services of our own. You receive these product recommendations from us irrespective of whether you have subscribed to a newsletter.
If you do not want to receive such recommendations from us via email, you can object to the use of your email address for this purpose at any time without any costs being incurred other than the transmission costs at the basic tariffs. A notification in text form will suffice for this. A link to unsubscribe is always included in every email.
5. Who receives my data?
If we employ a service provider within the context of order processing, we continue to remain responsible for the protection of your data. All processors are contractually obligated to treat your data confidentially and only to process it within the course of service provision. The processors commissioned by us obtain your data, provided they require this data for the fulfilment of their respective task. Such processors may be, for example, IT service providers, who we require for the operation and security of our IT system, as well as commercial publishers and list brokers for our own marketing activities.
Your data is processed in our customer database. The customer database supports quality improvements to existing customer data (duplicate cleansing, invalid/deceased labels, address corrections etc.) and allows for databases to be enhanced with data from public sources.
This data is provided to group companies, provided this is necessary for contract implementation. Customer data is saved in a company-related and separated manner, whereby our parent company acts as a service provider for the individual participating companies.
In the event of a legal obligation or as part of litigation, authorities, courts and external auditors could be the recipients of your data.
Furthermore, for the purpose of contract initiation and fulfilment, insurance providers, banks, credit agencies and service providers could be the recipients of your data.
6. How long will my data be saved for?
We will process your data until the end of the contractual relationship or until the expiry of any legal retention periods that apply (such as under the German Commercial Code, the German Fiscal Code or the German Working Hours Act); and also until the end of any legal disputes for which data is required as evidence. If you appear in video or audio recordings of the research, then we will save these for max. 3 years.
7. Is personal data transmitted to a third country?
Data is never sent to a third country by us. Such a transmission will only occur in certain cases on the basis of an adequacy decision of the European Commission, standard contractual clauses, suitable guarantees or your explicit consent.
8. What data protection rights do I have?
You have a right at all times to information, rectification, erasure or restriction of processing of your stored data, the right to object to processing and the right to data portability or to lodge a complaint according to the requirements of data protection law.
Right to information:
You have the right to obtain information from us as to whether and to what extent we process your personal data.
Right to rectification:
You have the right to demand rectification of any incomplete or inaccurate personal data that we process.
Right to erasure:
You have the right to demand that we erase your data if we process any of it unlawfully, or if the processing excessively interferes with your legitimate data-protection interests. Please note that there may be reasons why we may not be able to effect immediate erasure, e.g. in the case of data storage requirements stipulated by law.
Regardless of whether you exercise your right to erasure, we will immediately and completely erase your data as long as there is no transactional, contractual or legal retention requirement that would prevent this.
Right to restriction of processing:
You have the right to demand that we restrict the processing of your data if
- you contest the accuracy of the data, in which case the restriction will apply for a period enabling us to verify the accuracy of the data,
- the processing is unlawful but you decline erasure of the personal data and instead request the restriction of their use,
- we no longer need the personal data for the purposes of processing, but you need the data in order to exercise or defend legal claims, or
- you have objected to the processing of your personal data.
Right to data portability:
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. Furthermore, you have the right to transmit this data to another controller without hindrance from us, provided
- that we are processing this data on the basis of a revocable consent issued by you or to meet the requirements of a contract between us, and
- this processing is carried out by automated means.
If technically possible, we can directly transmit your data to another controller upon your request.
Right to object:
If we process your data for legitimate reasons, you can object to this processing at any time; this would also apply to profiling based on these provisions. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms or the processing is for the purpose of asserting, exercising or defending legal claims. You may object to the processing of your data for the purposes of direct marketing without providing a reason.
Right to lodge a complaint:
If you believe that we are processing your data in violation of German or European data protection law, we ask that you contact us so that we can resolve the matter. You also have the right to contact the supervisory authority responsible for you – the respective state office for data protection.
If you intend to assert one of the above rights against us, please contact our data protection officer. In case of doubt, we may request additional information to confirm your identity.
9. Do I have an obligation to submit data?
The processing of your data is required for the conclusion/fulfilment of the contract you enter with us. If you do not supply us with this data, we will usually have to decline concluding a contract with you or will no longer be able to implement an existing contract and must ultimately terminate it. However, you are not obligated to grant consent to data processing which is not relevant or not legally required for the fulfilment of a contract.